On Mon, 12 Aug 2002, Sébastien Bonnegent wrote:
> A client connects to "www.example1.com", and provides authentication.
> Later, the same client connects to "www.example2.com" without giving
> authentication again.

How is that not a security problem? Let's say we then have www.example3.attacker.com who provides the same Realm to the proxy. The proxy hands over the user's password to the attacker without the client even knowing anything happened.

--Cliff
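
The failure mode raised in this reply, as an added example that is not part of either message: a credential cache keyed by realm alone next to one keyed by origin plus realm. The class names, the realm "Intranet" and the credentials are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Canonical (scheme, host, port) of a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme])

class RealmOnlyCache:
    """Weak form: credentials keyed by realm alone, as in the scenario above."""
    def __init__(self):
        self._store = {}
    def remember(self, url, realm, credentials):
        self._store[realm] = credentials
    def lookup(self, url, realm):
        return self._store.get(realm)

class OriginScopedCache:
    """Credentials keyed by (origin, realm). The realm string is chosen by the
    server, so it cannot be the whole key (RFC 2617 section 1.2 defines the
    protection space as root URL plus realm)."""
    def __init__(self):
        self._store = {}
    def remember(self, url, realm, credentials):
        self._store[(origin(url), realm)] = credentials
    def lookup(self, url, realm):
        return self._store.get((origin(url), realm))

def replay_decisions(cache):
    """Constructed sample: one login, then 401 challenges from three hosts
    that all announce the same realm. Returns {host: credentials released}."""
    cache.remember("http://www.example1.com/", "Intranet", ("alice", "s3cret"))
    challenges = [
        "http://www.example1.com/reports",
        "http://www.example2.com/",
        "http://www.example3.attacker.com/",
    ]
    return {urlsplit(u).hostname: cache.lookup(u, "Intranet") for u in challenges}

if __name__ == "__main__":
    for cache in (RealmOnlyCache(), OriginScopedCache()):
        print(type(cache).__name__, replay_decisions(cache))
```
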
